Author
Topic: Ports Scanning (Read 8240 times)

I was running 1.2.3-RC3 built on Oct 8 and it was pointed out that the protection on the local pc were alerting with popups TCP ports scanned I tried blocking the address listed with no luck then I updated pfsense to the latest snapshot and still no luck the scans continue, the address listed is part of the Block bogon networks list so why isntpfsense blocking port scans I have a couple of other address that got past pfsense with tcp ports scanning

I have no port forward to any pc and i really dont know how they are getting to the PC. all PC are behind the pfsense box their are no open ports on the wan side all I know is that the AV/PF gives an alert of a portscan and has all the entry listed in the log so I was askingif pfsense blocks port scans and if so how come i am seeing those port scans shouldn't pfsense had caught them.

this is impossible. packets are not going to magically go from the WAN to your PC unless pfsense was set up to send them there. either these are faked, or there is some trojan running on your PC which is letting stuff in (maybe something else, but no idea right now.) or maybe a hacked zombie pc on your LAN which is spoofing the packets? easy way to tell is to run tcpdump on the wan interface of the pfsense and see if you see those packets coming in at all.